
Tivadar’s POC could be Non-Trivial Security Concern for Microsoft

A POC (proof-of-concept) is now available for Windows devices that generates a BSOD (blue screen of death) without any difficulty. A video released together with it shows how a denial-of-service condition is possible no matter whether the system is inoperable.

Tivadar, the developer of the POC, explains that by using a handcrafted image of a Windows NT file system placed on a USB stick, an attacker can bring down the system just by plugging the drive into a USB port, with no further user interaction required.

Microsoft's position is that the above requires either social engineering or physical access, and that it does not warrant down-level servicing such as releasing a security patch.

Efforts to examine the POC produced varying results. Somebody commented on Bleeping Computer that the exploit does not necessarily work as Tivadar described, and that it mattered little whether the code worked effectively or not. Techrepublic.com posted this online on April 30, 2018.

In general, according to Tivadar, a driver shouldn't have anything loaded onto it, and no code or program should be run if the PC is shut down while a tool has been put inside the system. There is more to the security concern, for Tivadar's proof-of-concept likely needs physical access to the system. Thus, Microsoft is incorrect in handling the matter casually.

When Tivadar first disclosed the NTFS vulnerability in July 2017, he wrote to Microsoft that a blue screen of death could be created by using an artificially crafted NTFS image. The ensuing DoS attack could also be launched from user mode, from either an Administrator account or a user account with limited privileges. The conditions could still crash the computer no matter whether it was locked. Additionally, Tivadar stated that when Microsoft was apprised of the bug in 2017, the software company indicated it wouldn't give the vulnerability a CVE number, even after a fix for it was developed.

Tivadar states that, in his opinion, the problem is truly worrisome. He would describe the behavior of his POC as code that is run without user consent.

» SPAMfighter News - 07-05-2018
